From 7cfa7a7671f0bf8316bc63912452e156fc48129e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 17 May 2012 19:59:46 -0700 Subject: [PATCH] tell browser not to cache permission denied (private) photos so that after authenticating we don't have to fight the browser - plus more prvgroup work --- include/items.php | 6 +++--- mod/photo.php | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/include/items.php b/include/items.php index 51e21d289b..ac7580cc15 100644 --- a/include/items.php +++ b/include/items.php @@ -2199,7 +2199,7 @@ function local_delivery($importer,$data) { if($is_reply) { $community = false; - if($importer['page-flags'] == PAGE_COMMUNITY) { + if($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP ) { $sql_extra = ''; $community = true; logger('local_delivery: possible community reply'); @@ -2226,8 +2226,8 @@ function local_delivery($importer,$data) { if($r && count($r)) $is_a_remote_comment = true; - // Does this have the characteristics of a community comment? - // If it's a reply to a wall post on a community page it's a + // Does this have the characteristics of a community or private group comment? + // If it's a reply to a wall post on a community/prvgroup page it's a // valid community comment. Also forum_mode makes it valid for sure. // If neither, it's not. diff --git a/mod/photo.php b/mod/photo.php index 1d38fe8e45..3cd8250a9e 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -28,6 +28,8 @@ function photo_init(&$a) { } }*/ + $prvcachecontrol = false; + switch($a->argc) { case 4: $person = $a->argv[3]; @@ -134,6 +136,7 @@ function photo_init(&$a) { ); if(count($r)) { $data = file_get_contents('images/nosign.jpg'); + $prvcachecontrol = true; } } } @@ -179,8 +182,22 @@ function photo_init(&$a) { } header("Content-type: image/jpeg"); - header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); - header("Cache-Control: max-age=" . (3600*24)); + + if($prvcachecontrol) { + + // it is a private photo that they have no permission to view. + // tell the browser not to cache it, in case they authenticate + // and subsequently have permission to see it + + header("Cache-Control: no-store, no-cache, must-revalidate"); + + } + else { + + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + + } echo $data; killme(); // NOTREACHED -- 2.39.5